Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
Wavlink Router: Hostname Manipulation Allows Remote Attacks
CVE-2026-3716
Summary
A vulnerability in the Wavlink WL-WN579X3-C 231124 router allows an attacker to launch a remote attack by manipulating the Hostname field. This could potentially lead to malicious scripts being run on your device, compromising its security. To fix this issue, update your router to version 20260226 as soon as possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| wavlink | wl-wn579x3-c_firmware | 231124 | – |
Original title
A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This vulnerability affects the function sub_401AD4 of the file /cgi-bin/adm.cgi. Executing a manipulation of the argument Hostname can...
Original description
A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This vulnerability affects the function sub_401AD4 of the file /cgi-bin/adm.cgi. Executing a manipulation of the argument Hostname can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 20260226 is able to resolve this issue. The affected component should be upgraded. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
nvd CVSS2.0
3.3
nvd CVSS3.1
2.4
nvd CVSS4.0
4.8
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
CWE-94
Code Injection
Published: 8 Mar 2026 · Updated: 13 Mar 2026 · First seen: 8 Mar 2026